Bugtraq mailing list archives

Re: who
From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Wed, 29 Jul 1998 21:30:48 +0100


An admin may want to use sgid/suid to prevent users from directly reading
utmp/wtmp. I think it's a good idea, not allowing everyone to read files
they don't need to read.

But that group shouldn't be a general group for
all kinds of these special permission handlings,
cause via for example 'who' you can gain access to this group.

I don't know if any distribution defaults to setting any group permissions,
but many sysadmins I know do so.

If you setuid arbitrary programs without reviewing them you get hurt.  That's
to say arbitrary programs should not be properly behaved and not do stupid
things based on third party actions. They can't however protect people
from a sysadmin who put 's' bits where he likes without checking the code.

Alan




Current thread:
  • Re: who Paul Boehm (Jul 29)
    • Re: who Alan Cox (Jul 29)